2.4 Analyzing Indicators of Malicious Activity
Malware Attacks:
1. Ransomware:
Indicators:
Sudden encryption of files.
Ransom notes demanding payment.
2. Trojan:
Indicators:
Unauthorized access or data theft.
Unexpected system behavior.
3. Worm:
Indicators:
Rapid spread across the network.
Unusual network traffic patterns.
4. Spyware:
Indicators:
Unauthorized data collection.
Suspicious network connections.
5. Bloatware:
Indicators:
Excessive resource consumption.
Unwanted pop-ups or advertisements.
6. Virus:
Indicators:
Replication and spreading to other files.
Altered or corrupted files.
7. Keylogger:
Indicators:
Unusual keyboard input patterns.
Unauthorized access to sensitive data.
8. Logic Bomb:
Indicators:
Unexpected system behavior triggered by specific conditions.
Malicious activities occurring after a specific event.
9. Rootkit:
Indicators:
Concealed presence within the system.
Unauthorized access to privileged areas.
Physical Attacks:
1. Brute Force:
Indicators:
Repeated login attempts.
Account lockouts.
2. RFID Cloning:
Indicators:
Unauthorized access using cloned RFID credentials.
3. Environmental:
Indicators:
Physical damage to hardware.
Unusual environmental conditions affecting equipment.
Network Attacks:
1. DDoS (Amplified/Reflected):
Indicators:
Sudden traffic spikes.
Service unavailability.
2. DNS Attacks:
Indicators:
Spoofed or manipulated DNS responses.
Unusual DNS query patterns.
3. Wireless Attacks:
Indicators:
Unauthorized access to the wireless network.
Anomalies in wireless traffic.
4. On-Path Attacks:
Indicators:
Intercepted or manipulated network traffic.
Unauthorized access to network communication.
5. Credential Replay:
Indicators:
Reuse of intercepted or stolen credentials.
6. Malicious Code:
Indicators:
Unexpected system behavior.
Unusual network communication.
Application Attacks:
1. Injection:
Indicators:
Unexpected data manipulation or access.
Unauthorized data retrieval.
2. Buffer Overflow:
Indicators:
Abnormal program termination.
Unusual memory usage patterns.
3. Replay:
Indicators:
Repeated or reused transactions.
Duplicate data submissions.
4. Privilege Escalation:
Indicators:
Unauthorized access to elevated privileges.
Unusual user activity.
5. Forgery:
Indicators:
Manipulated or falsified data.
Unauthorized access based on false credentials.
6. Directory Traversal:
Indicators:
Unauthorized access to directory structures.
Unusual file access patterns.
Cryptographic Attacks:
1. Downgrade:
Indicators:
Use of weaker cryptographic algorithms.
Compromised security protocols.
2. Collision:
Indicators:
Two distinct inputs producing the same cryptographic hash value.
3. Birthday:
Indicators:
Cryptographic collisions due to the birthday paradox.
Password Attacks:
1. Spraying:
Indicators:
Repeated login attempts with common passwords.
System alerts for multiple failed logins.
2. Brute Force:
Indicators:
Repeated login attempts.
Account lockouts.
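The spraying and brute-force indicators above are easier to tell apart when they are expressed as detection logic over authentication records. The following is an added example, not part of the original notes: it runs over a handful of constructed log records (timestamp, source address, username, result), counts failures per source and per user inside a time window, and reports three things: sources that tried a few passwords against many accounts (spraying), source/user pairs with many failures against one account (brute force), and users whose failure count has reached a lockout threshold. The record format, thresholds, window length, and function names are all assumptions chosen for the example; a SIEM rule would use the same counting but read its real log schema.

```python
"""Detect password spraying, brute force and lockout candidates in auth logs.

Added example for the Password Attacks section; the record format, thresholds
and names below are assumptions, not taken from any specific product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source_ip, username, result).
# 10.0.0.5 tries one password against five accounts (spraying) and succeeds on erin.
# 10.0.0.9 hammers the admin account (brute force) until it would lock out.
# 192.168.1.20 is a normal user who mistypes once and then logs in.
SAMPLE_EVENTS = [
    ("2024-05-01 09:00:00", "10.0.0.5", "alice", "FAIL"),
    ("2024-05-01 09:00:10", "10.0.0.5", "bob", "FAIL"),
    ("2024-05-01 09:00:20", "10.0.0.5", "carol", "FAIL"),
    ("2024-05-01 09:00:30", "10.0.0.5", "dave", "FAIL"),
    ("2024-05-01 09:00:40", "10.0.0.5", "erin", "FAIL"),
    ("2024-05-01 09:00:50", "10.0.0.5", "erin", "SUCCESS"),
    ("2024-05-01 09:01:00", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:01:10", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:01:20", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:01:30", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:01:40", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:01:50", "10.0.0.9", "admin", "FAIL"),
    ("2024-05-01 09:02:00", "192.168.1.20", "alice", "FAIL"),
    ("2024-05-01 09:02:05", "192.168.1.20", "alice", "SUCCESS"),
]

# Assumed thresholds; tune them to the environment's normal failure rate.
SPRAY_MIN_USERS = 5        # one source, at least this many distinct accounts
SPRAY_MAX_PER_USER = 2     # ...with only a few failures per account (stays under lockout)
BRUTE_MIN_FAILURES = 5     # one source, one account, many failures
LOCKOUT_THRESHOLD = 5      # the directory's lockout policy, whatever the source
WINDOW = timedelta(minutes=10)


def parse_events(events):
    """Turn the string records into (datetime, source, user, result) tuples."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, user, result)
            for ts, src, user, result in events]


def analyze_auth_events(events, window=WINDOW):
    """Classify failed logins inside the last `window` of the given events."""
    records = sorted(parse_events(events))
    empty = {"spraying": [], "brute_force": [], "lockout_candidates": [],
             "success_after_spray": []}
    if not records:
        return empty
    cutoff = records[-1][0] - window
    recent = [r for r in records if r[0] >= cutoff]

    fails_by_src_user = defaultdict(int)   # (source, user) -> failures
    fails_by_user = defaultdict(int)       # user -> failures from any source
    for _, src, user, result in recent:
        if result == "FAIL":
            fails_by_src_user[(src, user)] += 1
            fails_by_user[user] += 1

    users_by_src = defaultdict(dict)       # source -> {user: failures}
    for (src, user), n in fails_by_src_user.items():
        users_by_src[src][user] = n

    # Spraying: wide (many accounts) but shallow (few tries each) from one source.
    spraying = sorted(src for src, users in users_by_src.items()
                      if len(users) >= SPRAY_MIN_USERS
                      and max(users.values()) <= SPRAY_MAX_PER_USER)
    # Brute force: narrow (one account) but deep (many tries) from one source.
    brute_force = sorted((src, user) for (src, user), n in fails_by_src_user.items()
                         if n >= BRUTE_MIN_FAILURES)
    # Lockout indicator: accounts whose total failures reached the policy threshold.
    lockout_candidates = sorted(user for user, n in fails_by_user.items()
                                if n >= LOCKOUT_THRESHOLD)
    # A success from a spraying source is the account most worth investigating.
    success_after_spray = sorted({(src, user) for _, src, user, result in recent
                                  if result == "SUCCESS" and src in spraying})
    return {"spraying": spraying, "brute_force": brute_force,
            "lockout_candidates": lockout_candidates,
            "success_after_spray": success_after_spray}


if __name__ == "__main__":
    for key, value in analyze_auth_events(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The two patterns differ in shape rather than volume: spraying keeps each account below the lockout threshold, so a rule that only counts failures per account misses it, while a rule that only counts failures per source misses low-rate brute force spread over time. Counting both ways, and then treating a success from a spraying source as the priority finding, covers the indicators listed above.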
Indicators:
1. Account Lockout:
Indicators:
Frequent or prolonged account lockouts.
Increase in failed login attempts.
2. Concurrent Session Usage:
Indicators:
Unexpected simultaneous logins from different locations.
3. Blocked Content:
Indicators:
Content filtering or access restrictions triggered.
4. Impossible Travel:
Indicators:
Logins from geographically distant locations in a short timeframe.
5. Resource Consumption:
Indicators:
Abnormally high utilization of system resources.
6. Resource Inaccessibility:
Indicators:
Unavailability of critical resources.
Unauthorized access to restricted areas.
7. Out-of-Cycle Logging:
Indicators:
Logging activity outside expected timeframes.
Unusual patterns in log entries.
8. Published/Documented:
Indicators:
Discovery of sensitive
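Two of the general indicators in this section, impossible travel and concurrent session usage, are checks on the same session data. The block below is an added example, not part of the original notes: from a constructed list of sessions (user, city, login time, logout time) it computes the great-circle distance between consecutive logins of each user and the speed that would have been needed to cover it, flagging anything faster than an airliner, and separately flags sessions of one user that overlap in time while coming from different locations. The session format, the city coordinate table, the speed threshold and the function names are assumptions chosen for the example.

```python
"""Impossible-travel and concurrent-session checks over session records.

Added example for the Indicators section; the record format, coordinate table,
speed threshold and function names are assumptions, not from any product.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumed lookup from a geolocation step: city -> (latitude, longitude).
CITY_COORDS = {
    "New York": (40.7128, -74.0060),
    "London": (51.5074, -0.1278),
    "Berlin": (52.5200, 13.4050),
}

# Constructed sample sessions: (user, city, login, logout).
# alice: New York and London half an hour apart, overlapping -> both rules fire.
# bob: London then Berlin three hours later -> plausible flight, nothing fires.
# carol: two overlapping sessions from the same city (two devices) -> nothing fires.
SESSIONS = [
    ("alice", "New York", "2024-05-01 09:00:00", "2024-05-01 09:45:00"),
    ("alice", "London", "2024-05-01 09:30:00", "2024-05-01 10:00:00"),
    ("bob", "London", "2024-05-01 09:00:00", "2024-05-01 09:30:00"),
    ("bob", "Berlin", "2024-05-01 12:00:00", "2024-05-01 12:30:00"),
    ("carol", "London", "2024-05-01 09:00:00", "2024-05-01 10:00:00"),
    ("carol", "London", "2024-05-01 09:20:00", "2024-05-01 09:50:00"),
]

MAX_SPEED_KMH = 1000.0   # assumed: faster than any commercial flight


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    earth_radius_km = 6371.0
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(h))


def find_impossible_travel(sessions, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, from_city, to_city, speed_kmh) for consecutive logins
    that would require travelling faster than max_speed_kmh."""
    logins = defaultdict(list)
    for user, city, login, _ in sessions:
        logins[user].append((_t(login), city))
    findings = []
    for user, items in logins.items():
        items.sort()
        for (t1, c1), (t2, c2) in zip(items, items[1:]):
            if c1 == c2:
                continue
            km = haversine_km(CITY_COORDS[c1], CITY_COORDS[c2])
            hours = (t2 - t1).total_seconds() / 3600
            # Two logins at the same instant from different cities: treat as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                findings.append((user, c1, c2, round(speed)))
    return findings


def find_concurrent_sessions(sessions):
    """Return (user, city_a, city_b) for sessions of one user that overlap in
    time while originating from different locations."""
    by_user = defaultdict(list)
    for user, city, login, logout in sessions:
        by_user[user].append((_t(login), _t(logout), city))
    findings = []
    for user, items in by_user.items():
        items.sort()
        for i, (s1, e1, c1) in enumerate(items):
            for s2, e2, c2 in items[i + 1:]:
                overlaps = s2 < e1 and s1 < e2
                if overlaps and c1 != c2:
                    findings.append((user, c1, c2))
    return findings


if __name__ == "__main__":
    print("impossible travel:", find_impossible_travel(SESSIONS))
    print("concurrent sessions:", find_concurrent_sessions(SESSIONS))
```

The two rules are complementary: impossible travel catches a second login that arrives after the first session ended, which the overlap rule cannot see, while the overlap rule catches sessions that are simultaneous but close enough in distance that no speed threshold is exceeded. Legitimate causes such as VPN egress changes and mobile carrier geolocation errors produce the same signals, so both findings are better treated as triage leads than as verdicts.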